We recently addressed an issue affecting login for some customers. We would like to take the opportunity to further explain the issue and the steps we have taken to keep them from happening in the future.
Between 4:37pm PDT on Oct 6th and 03:32am PDT on Oct 7th, some users may have experienced difficulties while working in Box. During this time, some customers with time-based one-time (TOTP) multi-factor authentication (MFA) enabled accounts were not able to log in. The issue occurred as a result of a recent code change as a part of code refactoring to optimize the MFA flow. We were able to resolve the issue by rolling back the new changes. In addition, we are working to improve our deploying and testing processes to prevent similar issues from occurring in the future.
We recently rolled out new changes that were meant to optimize the MFA flow. The changes included a bug that caused login failures for accounts with TOTP MFA enabled. After the initial roll out was rolled back to mitigate the issue, the engineers investigating it were able to identify the issue and correct it.
The following corrective action has been completed:
We are continuously working to improve Box and want to make sure we are delivering the best product and user experience we can. We hope we have provided some clarity here and we would be happy to answer any questions you may still have regarding this matter.
The Box Team